ajinabraham/OWASP-Xenotix-XSS-Exploit-Framework - OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework. github.com/ajinabraham/OW…
👍︎ 3
📅︎ Dec 23 2020
Practical Reflected XSS - Owasp Cross Site Scripting youtube.com/attribution_l…
👍︎ 3
📰︎ r/owasp
👤︎ u/MotasemHa
📅︎ Feb 17 2019
Understanding the #OWASP Top 10 is critical to the improvement of web application security. In this video we highlight cross site scripting. After proving an exploit, it is our job to work together and remediate vulnerabilities. youtu.be/1XKmyldzEBo
👍︎ 4
📰︎ r/owasp
📅︎ Apr 04 2018
Secure Node Apps Against OWASP Top 10 - Cross Site Scripting scottksmith.com/blog/2015…
👍︎ 4
📰︎ r/node
📅︎ Jun 22 2015
OWASP Appsec Tutorial Series - Episode 3: Cross Site Scripting (XSS) - fixed link! youtube.com/watch?v=_Z9RQ…
👍︎ 12
📰︎ r/netsec
👤︎ u/psiinon
📅︎ Jul 11 2011
The Best Reasons to Adopt a Security-First Approach

Balancing data privacy and security with user experience is one of the most complex tasks for software developers.

Many projects have higher priority for business functionality, and security-related tasks are lower priority which leads to an insecure system.

Here are some reasons why putting security at the forefront of our designs and development is essential.

Why is Security by Design Important?

The security by design methodology should be enforced in the product design and development stages to make more secure and reliable software. Rather than applying security at the final stages of the software, it is better to start the project with security awareness.

Finding the issues related to the security of the project at the final stage of the development process might force the development team to expend further unplanned time to re-architect or make dozens of changes.

What are the Dangers of Weak or Flawed Security?

One of the problems with poor security design on software is the exposure of sensitive data.

For instance, the simple scenario is that the user enters his/her account and clicks an image to download it. What if that link is available to others and there is no authentication or resource protection?

Something as simple as a compromised linking strategy can be difficult to fix after the fact and could eventually lead to a steep drop-off in user confidence and a corresponding plummet in the adoption of your app or service.

How do We Define Secure Design? Integrity, Confidentiality & Availability

When talking about security by design, we need to define several terms. Classic information security usually includes confidentiality, integrity, and availability.

Keeping information secret that should not be made known to the public.

For instance, your healthcare record – Confidentiality. When your information is safe and does not change by any third party, this is Integrity. For instance, votes for election. Availability implies that the information is at hand on time. For example, when there is a call for a hospital, they need to know the location and the address immediately.

All 3 factors are mandatory if you are concerned about security by design in your project. Moreover, in recent years many governments and legal bodies have introduced rules which require traceability of data use, access, and dissemination. This features in laws such as the [European GDPR](https://en.wikipedia.org/wiki/General

👍︎ 2
📰︎ r/hackernoon
📅︎ Oct 19 2021
What is Web Fuzzing: How can Web Fuzzing be useful in Pentest?

Fuzzing is generally finding bugs/issues using automated scanning with supplying unexpected data into an application then monitoring it for exceptions/errors/stack traces. The motive is to supply superfluous data to trigger exceptions and see if it could lead to issues.

Fuzzers work best for discovering vulnerabilities that can be exploited by buffer overflow, DOS (denial of service), cross-site scripting, and SQL injection. These schemes are often used by malicious hackers intent on wreaking the greatest possible amount of havoc in the least possible time. Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware, some viruses, worms, Trojans, and keyloggers.

Although fuzz testing is simple, it offers a high benefit-to-cost ratio and can often reveal serious defects that are overlooked when software is written and debugged. It cannot provide a complete picture of the overall security, quality, or effectiveness of a program, however, and is most effective when used in conjunction with extensive black box testing, beta testing, and other proven debugging methods.

Fuzzing has been around for several years and has been done in different ways. The term "fuzz" originated from a fall 1998 class project in the graduate Advanced Operating Systems class (CS736), taught by Prof. Barton Miller at the University of Wisconsin.

Fuzzing Web Applications:

Web application fuzzing is basically fuzzing web applications to expose common web vulnerabilities which are mentioned in OWASP Top 10.

Steps:

  • Decide the web app type/tech stack (php,aspx,jsp).
  • Check data injection points (input points).
  • fuzzing payloads (fuzzing dictionaries, encoded payloads, superfluous data).
  • Observing the application.

Full Article

👍︎ 5
📅︎ Oct 01 2021
OWASP - Broken Web Applications Project

Donate - Bitcoin Address - 372wEzWXAGdgvLykKBZYuV6R97ff5FfdzU

-- Please enjoy a slice of the Labs that are now online. Feel free to participate in any of the challenges remotely through the links at the bottom. We have also decided to open a discord specifically to helping with online challenges, wargames and CTFs for the HowToHack community; https://discord.gg/ep2uKUG or visit us using your favorite Internet Relay Chat client at irc.zempirians.com on SSL port +6697.... Participation is always welcomed, but never required nor expected!


Applications Included

This project includes open source applications of various types. Below is a list of the applications and versions currently on the VM. A version number ending in +SVN or +GIT indicates that the application is pulled directly to the VM from the application's public source code repository and the code running may be later than the version number indicated.

The lists below are current as of the 1.0 release.


Training Applications

Applications designed for learning which guide the user to specific, intentional vulnerabilities.

  • OWASP WebGoat version 5.4+SVN (Java)

  • OWASP WebGoat.NET version 2012-07-05+GIT

  • OWASP ESAPI Java SwingSet Interactive version 1.0.1+SVN

  • Mutillidae version 2.2.3 (PHP)

  • Damn Vulnerable Web Application version 1.8+SVN (PHP)

  • Ghost (PHP)


Realistic, Intentionally Vulnerable Applications

Applications that have a wide variety of intentional security vulnerabilities, but are designed to look and work like a real application.

  • OWASP Vicnum version 1.5 (PHP/Perl)

  • Peruggia version 1.2 (PHP)

  • Google Gruyere version 2010-07-15 (Python)

  • Hackxor version 2011-04-06 (Java JSP)

  • WackoPicko version 2011-07-12+GIT (PHP)

  • BodgeIt version 1.3+SVN (Java JSP)


Old Versions of Real Applications

Open source applications with one or more known security issues.

  • WordPress 2.0.0 (PHP, released December 31, 2005) with plugins:
      • myGallery version 1.2
      • Spreadsheet for WordPress version 0.6

  • OrangeHRM version 2.4.2 (PHP, released May 7, 2009)

  • GetBoo version 1.04 (PHP, released April 7, 2008)

  • gtd-php version 0.7 (PHP, released September 30, 2006)

  • Yazd version 1.0 (Java, released February 20, 2002)

  • WebCalendar version 1.03 (PHP, released April 11, 2006)

  • Gallery2 version 2.1 (PHP, released March 23, 2006)

  • TikiWiki version 1.9.5 (PHP, released September 5, 2006)

  • Joomla

👍︎ 150
📰︎ r/HowToHack
👤︎ u/ps-aux
📅︎ Mar 28 2021
Top 10 Node.js Security Best Practices

Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. It is widely used for building scalable and lightweight network-driven applications. It can be scaled up easily horizontally as well as vertically. Apps developed with Node.js are used for both client-side and server-side apps. It has an open-source JavaScript runtime environment/model which provides caching of single modules. Similar to other programming languages or frameworks, Node.js is susceptible to each type of web app exposure. Though Node.js is secure, third-party packages may require more security standards to protect your app. According to the study, 14% of the NPM ecosystem is impacted and 54% of the NPM ecosystem is about to be impacted indirectly. Here we’ll see the top 10 best practices for Node.js security. But before going to the security best practices, let's see why Node.js projects have security issues.

Know the amazing new features of Node.js 15 at- What’s New In Node.js 15?

Why Do Node.js Projects Have Security Issues?

Open-source apps derive licensing and security risks from their open-source elements. Also, the security detecting tools like static and dynamic code assessment cannot detect open-source exposures efficiently.

To detect open-source elements in Node.js, you need to assess the NPM index files which explain the dependencies. All things considered, these index files don’t incorporate reused open-source elements. Some of the time, open-source community open-source projects to lower time-to-market, speed-up development and add functionality. As a result, developers can launch code snippets, functions and techniques into files. Also lots of node.js web development projects include licensing terms other than real Node.js license.

Top 10 Node.js Security Risks And Solution Practices-

Node.js security issues can show you vulnerabilities like code injection and advanced constant threats. Let us see a list of Node.js security risks that may cause these vulnerabilities and its possible solution practices.

1. Validate User Input To Limit SQL Injections And XSS Attacks-

Cross-site scripting or XSS lets hackers infect vulnerable client-side scripts into website pages viewed by various users. Vulnerable client-side scripts can cause data breaches. Also the hacker can use JavaScript code. The reason for this is not validating input from users. So, whatever users type in the

👍︎ 2
📰︎ r/node
📅︎ May 04 2021
A brief look into areas for security improvements in the CTemplar web app (Part 1/2)

Hello CTemplar Team!

CTemplar has come a long way in the past few months, and it seems well on its way to becoming a good encrypted email service. It's clear that everyone in the team has worked incredibly hard to get it this far. I think one of CTemplar's strong points is how feature-complete it is, even during this early stage of development. I believe in their mission of making encrypted email freely available to people, and I would like to help out.

While using the app, I've noticed a couple of little issues and glitches, which I have outlined below. Please don't take any of this as a criticism towards CTemplar or the developers, I am just trying to help in getting the application to a more polished state. I've tried to document them up as clearly, and where possible, I've given the steps to fix

Some of the below issues relate to security, but just to clarify up-front: none of these issues are critical, and if you are a user of CTemplar - you do not have anything to be immediately worried about in regards to the content below. That being said, they should still be addressed by the devs, in order to keep things as safe as possible for the users going forward.

I have some additional issues (not included in this list), which I would like to discuss privately with someone from the team. I would appreciate if you could reach out, and I will go through them with you. You can find my public key here.

Please forgive me in advance if I've made any mistakes here- I wrote this late at night

---

User Token not Invalidated After Sign Out

When the user signs in with their credentials the server responds with a token, which is stored in the browser's local storage as user_key. And when they sign out, this key is removed from local storage, as expected (this happens in users.service.ts). However, it is never invalidated, leaving the user's account vulnerable to a session hijacking attack. If an attacker were to manually insert this token into their browser, they would have full unrestricted access to the victim's account. This can be fixed by calling to the server to destroy the token on logout or session expiry, and then generating a fresh access key next time the user signs in.

---

Error in Compatibility Checking Script

When using a browser that doesn't support window.crypto then no content is loaded (as expected). However the alert()

👍︎ 15
📰︎ r/ctemplar
👤︎ u/lissy93
📅︎ Jan 10 2021
ELI5: what is cross site scripting

What are some examples of this occurring and what are ways to prevent it from happening?

👍︎ 7
📰︎ r/hacking
👤︎ u/slickyboi
📅︎ Jul 12 2019
Bug Bounty training and guide

Hi all,

I am a cyber security guy. I already completed a diploma and specialist diploma in cyber security and undergoing degree in cyber security. I am doing security analyst at the company and it is kinda boring. No offense. I want to do bug bounty as it is different art and interesting on how to find vulnerability in real world. When I use vulnhub and hackthebox, it is kinda different from bug bounty as it offers many vulnerability which you usually seen in exploit-db and you used it to exploit while bug bounty you have to think the other way around and use new ways of exploiting. I am learning training from hackerone the course and the labs. Thank you hackerone but it is somewhat hard and I am not giving up but ergh I kinda need some basic bug bounty guide start from the basic to advanced. I am not able to find any bug bounty training in my country which I have no idea why. I found another website in India, red team hacker academy which offers bug bounty training. Here is the link, https://redteamacademy.com/course/redteam-bbh/

About this I found Indian people who went for this and publicly disclose vulnerability in linkedin. I was so wowed on this. What do you think of this?

I found many bug bounty training on udemy and I am not very sure on this as I found some link which used Metasploitable as vulnerable machine... This machine will never be used in real life world but we usually see it in poor country where you find it but they don't offer bug bounty for those website. Any recommended udemy website.

I am undergoing OSCP practice. I recently went for exam and did not make it. I am trying harder. Thank you OSCP for the great training. I am going for exam again.

I found this link, https://hackerassociate.com/training-and-certification/

is it useful for bug bounty? Please kindly advise

I am thinking that course offered by offensive security is a guidance to bug bounty. Agree or not?

I noticed that bug bounty offers iot and mobile pentest.. So cool and awesome... I am so impressed. I want to learn to hack but I am so saddened and very sad that university and diploma did not offer that. Where to learn this. I need a confirmed path for bug bounty. I try many path basically course but not very effective... I don't care whether I am a selfish guy or whatever you called me.. I just sigh really want to learn bug bounty.

Reason for bug bounty:

👍︎ 3
📅︎ Mar 04 2021
[OFFER] I will pentest your website with a detailed report of my findings!

Hi, I'm currently studying to become a full time Penetration Tester.
As a side job I'm willing to pentest your websites for 25 euros per website.

What are u getting?
I will check your website for OWASP Top 10 Web App Security Risks, this includes but isn't limited to:

Injection flaws(SQL, NoSQL, LDP injections).
Broken Access Control.
Cross-Site Scripting(XSS)
Outdated server modules, WP plugins etc.
Misconfiguration.
Sensitive Data Exposure.
Insecure Deserialization.
Broken Authentication.

Everything will be documented and sent to the customer in a .pdf format.
This includes:

Detailed documentation of my findings.
Results of those findings getting exploited.
How to prevent it and my general opinion on how to secure your website.

P.S: I'm not a professional pentester, I'm still learning and using this as an opportunity to learn even more. Even if I don't get to find any vulnerability on your website I will still give u tips on how to secure it even more.

👍︎ 2
👤︎ u/gnjurac00
📅︎ Dec 23 2020
Good sites/resources for learning XSS. Thx
👍︎ 5
📰︎ r/AskNetsec
👤︎ u/lallepot
📅︎ Jul 25 2017
CISSP Domain 3 Review Video - Vulnerabilities in Systems

The next domain 3 video is up! This one focuses on Vulnerabilities in Systems: https://youtu.be/fPUypU7ysMw

Topics covered include TOCTOU (Race Conditions), Emanations, Covert Channels, Aggregation & Inference, Polyinstantiation, OWASP Mobile Top 10 (M1: Improper Platform Usage, M2: Insecure Data Storage, M3: Insecure Communication, M4: Insecure Authentication, M5: Insufficient Cryptography, M6: Insecure Authorization, M7: Client Code Quality, M8: Code Tampering, M9: Reverse Engineering, M10: Extraneous Functionality), Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and SQL Injection

Here are the other review / Mind Map videos I have completed so far:

Domain 2

Domain 3

Domain 5

Domain 6

Domain 7

Domain 8

I have also created a couple of deep dives into topics important to understand for the exam:

All the best in your studies!

👍︎ 3
📰︎ r/cissp
👤︎ u/RWitchest
📅︎ Jul 23 2020
How to filter url based XSS

guys how could i filter this? <?php echo '<td><a href="editprod.php?Barcode=' . $row['Barcode'] . '">Edit</a></td>'; ?>

👍︎ 2
📰︎ r/xss
👤︎ u/BOT_CLIFFE
📅︎ Jul 15 2016
Response from ConnectWise CEO

From recent email:

Dear Partners,

Earlier this week, a story was published about potential security vulnerabilities with ConnectWise Control. In the spirit of transparency, I wanted to provide an update on this story and outline what has been done and what our ongoing efforts are to ensure the security of our products, your business and your customers.

In late September, ConnectWise received notification from an organization that operates as a consultant in the security space, stating they had identified eight potential vulnerabilities in ConnectWise Control. While our product and security teams felt that many of these potential vulnerabilities presented a low risk of actual attack to our partners, we take security extremely seriously and investigated, resolving six of the areas of concern by October 2, 2019.

While the threat landscape is ever changing, we seek to constantly and proactively manage security efforts not only through the updating of our products, but through the education of our team and collaboration with third-party security experts.

As security is of critical importance to us, here are some of things we have been doing and where we are today:

  • ConnectWise recently passed an independent SOC 2 Type 2 audit for the benefit of all current and prospective Partners. We regularly conduct penetration tests performed by both internal and external resource and have implemented ethical hacker training, OWASP processes, and consistently run vulnerability assessments on our systems and products.
  • We have implemented tools that automatically evaluate behavior to reduce misuse of our products, started implementing machine learning to detect anomalies in logins, and we are about to launch a bug bounty program, as well as started the rollout of MFA and SSO across the platform.
  • In Q4 of 2019, we also invested in a comprehensive developer security training curriculum to increase the security skills of our teams and assure that our developers are training on the most recent and relevant application security coding practices.
  • On January 21, 2020 we launched the ConnectWise Security Trust site, which will be a primary source of information on security incidents, relevant alerts and of course critical patches and product updates.
  • We hired GuidePoint, an independent third-par

👍︎ 27
📰︎ r/msp
👤︎ u/Raptorhigh
📅︎ Jan 25 2020
Top sites to practice hacking skills (legally)

credit- icssindia.in

These Websites to exercise your hacking skills whether you are a hacker, cybersecurity, pen-tester, or still a noob.

These vulnerable websites are great for developing our minds, increasing our capacity to solve problems, new innovative ideas come to our minds. Also, you will face brainfuck a lot of difficulties. Never give up always try to give your best. Because if you want to be a professional hacker, then you must know about the hacker attitudes and …

>“real hackers never give up”

There are a lot of gaping holes in almost every security system. And to discover these is this is also a great opportunity to also discover the various tools that are needed for hacking. What the different options are etc. Use these websites to practice your hacking skills so you can be the best defense.

>“An attack is definitely the best form of defense”

This applies to a lot of companies, they are hacking their own websites and even recruiting ethical hackers in an attempt to find vulnerabilities before the bad guys do as such ethical hacking is now a much sought after skill.

pwnable.kr

pwnable.kr is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. The main purpose of pwnable.kr is ‘fun’. Please consider each of the challenges as a game. While playing pwnable.kr, you could learn/improve system hacking skills but that shouldn’t be your only purpose.

pwnable.tw

Pwnable.tw is a wargame site for hackers to test and expand their binary exploiting skills.

HOW-TO

  • Try to find out the vulnerabilities that exist in the challenges, exploit the remote services to get flags.
  • The flag is usually at /home/xxx/flag, but sometimes you have to get a shell to read them.
  • Most of the challenges are running on Ubuntu 16.04/18.04 docker image.
  • You can share a write-up or exploit code in your profile, only players who also solved the same challenge are able to see them.

hack.me

Hack.me is a FREE, community-based project powered by eLearnSecurity. The community can build, host, and share vulnerable web application code for educational and research purposes.
It aims to be the largest collection of “runnable” vulner

👍︎ 15
👤︎ u/icssindia
📅︎ Sep 02 2020
Introducing RangeForce's Free Community Edition - 20 popular learning modules all for free.

Introducing RangeForce's Free Community Edition!
We've combined our CyberSkills Platform, virtual environments, and 20 popular learning modules all for free. It's for anyone interested in learning cyber skills, at any time, from any browser, anywhere.

Register to get started: https://hubs.la/H0wTvb20

Free Modules Include

SOC

  • Splunk Basics
  • Suricata Basics
  • Suricata IDS Rules
  • YARA Introduction
  • YARA Rule Writing
  • NMAP Basics
  • NMAP SNMP Enumeration

Microsoft

  • Windows Event Logs
  • PowerShell Introduction
  • NTLM Authentication

OWASP / AppSec

  • Cross-Site Scripting : Reflected
  • Cross-Site Scripting : Stored
  • SQL Injection : Prelude
  • SQL Injection : Authentication Bypass

DevOps

  • Docker Introduction
  • Docker Networking
  • Docker Privileged Container Escape
  • Kubernetes Overview
  • Kubernetes Introduction
  • Linux User File Management

Register to get started: https://hubs.la/H0wTvb20

👍︎ 7
👤︎ u/RangeForce
📅︎ Sep 24 2020
The Critics United Hacks

This post covers: What’s going on, How did it happen, What FFN can do, and What users can do.

What’s going on?

On or about 14 October 2018, users of the fan-fiction hosting site Fanfiction.Net (FFN) began receiving spam comments on their stories from bot accounts with the following format:

>Down with Critics United!
>If you are on the same page, cp this message.
>Now onto the actual review:
>[random excerpt from story]
>[generic comment that rarely lines up with the excerpt]

Critics United (CU) is a group of FFN users who have taken it upon themselves to moderate the site and report users who violate FFN’s rules. This has generated ire among many writers on FFN and often produces the sentiment the bots were spreading. It’s unknown if CU supporters or dissenters are actually behind the bots. Regardless of where FFN users stand on CU, the bot spam is universally unappreciated, but those messages amounted to little more than annoyances. Then someone with computer skills got very annoyed.

On or about 21 October 2018, some FFN users discovered that their profiles were changed without their knowledge or consent, with multiple pro-CU messages. At first, individual hacking was suspected but upon further investigation (by users, FFN has been silent since this whole situation began) it was discovered that FFN is the victim of a cross-site scripting (XSS) attack.

XSS is a type of computer security vulnerability in web applications. It tricks a web browser into believing that the script it sends is from the trusted site instead of a third-party. On FFN, this client side-script is embedded in infected user profiles and runs when a user views an infected profile. This evolved to the script being embedded in links to infected user profiles. The script runs, accesses the user’s login information cookie, and brute forces a guess at the user’s id in order to send change requests for the profile. The script both changes the message of the profile and embeds itself in the profile in order to continue the propagation, effectively making it a worm. There are reports that simply hovering over a link to an infected profile can begin the script, which is possible, but I have not yet had the chance to verify. There is

👍︎ 316
📰︎ r/FanFiction
👤︎ u/skierunner
📅︎ Oct 24 2018
A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals

https://i.redd.it/7hvs58an33e41.gif

Penetration testing & Hacking Tools are more often used by security industries to test the vulnerabilities in network and applications. Here you can find the Comprehensive Penetration testing & Hacking Tools list that covers Performing Penetration testing Operation in all the Environment. Penetration testing and ethical hacking tools are a very essential part of every organization to test the vulnerabilities and patch the vulnerable system.

>Also, Read What is Penetration Testing? How to do Penetration Testing?

Penetration Testing & Hacking Tools List

Online Resources – Hacking Tools

Penetration Testing Resources

Exploit Development

👍︎ 554
📰︎ r/HowToHack
👤︎ u/icssindia
📅︎ Jan 31 2020
How to get from zero to webapps pentester/Bug Bounty researcher in 1 year @ 10h. per day

I have a background in network and systems security but I have never touched web development.

I can dedicate 10 hours a day for 1 year straight to this.

I plan to read these books:

  • Hacknotes - Web Security Portable Reference (2003)
  • Cross Site Scripting Attacks Xss Exploits and Defense (2007)
  • The Web Application Hacker's Handbook (2011)
  • The Tangled Web: A Guide to Securing Modern Web Applications (2011)
  • Hacking Web Apps (2012)
  • OWASP Testing Guide v.4 (2014)
  • Application Security Verification Standard 3.0 - owasp (2015)
  • Web-hacking-101 (2015-2017)
  • OWASP Testing Guide (2017)

BUT before I begin to read those books it would make sense to understand the web technologies behind, right?

So, what roadmap would you recommend me to read on which technologies, before getting my hands dirty with web application (in)security?

i.e. - first, read this for HTML, then read this for Javascript, then read that for SQL, read those for PHP...

Thanks!

EDIT: HTML5 and CSS3 All-in-One For Dummies 3rd Edition has a lot of nice reviews at Amazon and it covers the full stack apparently (HTML/CSS/JavaScript/Backend(PHP)/Database(MySQL)).

Any further resources will be welcome.

👍︎ 89
📰︎ r/AskNetsec
📅︎ Feb 16 2019
XSS explanation, demonstration, and mitigation [Vid] vimeo.com/9765188
👍︎ 26
📰︎ r/netsec
👤︎ u/_dustinm_
📅︎ Apr 08 2011
[Udemy] Udemy course free for two days - Practical Ethical hacking

Deal Link

Price: $0

Savings: 100%

Expiry: May 2, 2020

Retailer: Udemy

Trying to give back

Welcome to this course on Practical Ethical Hacking. To enjoy this course, you need nothing but a positive attitude and a desire to learn. No prior knowledge is required.

In this course, you will learn the practical side of ethical hacking. Too many courses teach students tools and concepts that are never used in the real world. In this course, we will focus only on tools and topics that will make you successful as an ethical hacker. The course is incredibly hands on and will cover many foundational topics.

In this course, we will cover:

A Day in the Life on an Ethical Hacker. What does an ethical hacker do on a day to day basis? How much can he or she make? What type of assessments might an ethical hacker perform? These questions and more will be answered.

Effective Notekeeping. An ethical hacker is only as good as the notes he or she keeps. We will discuss the important tools you can use to keep notes and be successful in the course and in the field.

Networking Refresher. This section focuses on the concepts of computer networking. We will discuss common ports and protocols, the OSI model, subnetting, and even walk through a network build with using Cisco CLI.

Introductory Linux. Every good ethical hacker knows their way around Linux. This section will introduce you to the basics of Linux and ramp up into building out Bash scripts to automate tasks as the course develops.

Introductory Python. Most ethical hackers are proficient in a programming language. This section will introduce you to one of the most commonly used languages among ethical hackers, Python. You'll learn the ins and outs of Python 3 and by the end, you'll be building your own port scanner and writing exploits in Python.

Hacking Methodology. This section overviews the five stages of hacking, which we will dive deeper into as the course progresses.

Reconnaissance and Information Gathering. You'll learn how to dig up information on a client using open source intelligence. Better yet, you'll learn how to extract breached credentials from databases to perform credential stuffing attacks, hunt down subdomains during client engagements, and gather information with Burp Suite.

Scanning and

👍︎ 3
📰︎ r/ShopCanada
📅︎ May 02 2020
Middleware-ratelimit Err Too Many Redirects

So, I solved this issue but I'll admit I don't know what is wrong. Below is the original docker-compose file that would give me too many re-directs. If you continue you'll see the new docker-compose.yml that did work and both the middlewares-chain and middlewares.toml. I don't know why one works and the other does not. Maybe someone sees it.

Original Docker-Compose.yml that gave me errors.

version: "3.7"

########################### NETWORKS

networks:
  t2_proxy:
    external:
      name: t2_proxy
  default:
    driver: bridge

########################### SERVICES
services:
# All services / apps go below this line

# Traefik 2 - Reverse Proxy
  traefik:
    container_name: traefik
    image: traefik:2.2.1 # the chevrotin tag refers to v2.2.x but introduced a breaking change in 2.2.2
    restart: unless-stopped
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
# Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
      - --entrypoints.https.forwardedHeaders.trustedIPs=173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,141.101.64.0/18,108.162.192.0/18,190.93.240.0/20,188.114.96.0/20,197.234.240.0/22,198.41.128.0/17,162.158.0.0/15,104.16.0.0/12,172.64.0.0/13,131.0.72.0/22
      - --entryPoints.traefik.address=:8090
      - --api=true
#      - --api.insecure=true
#      - --serversTransport.insecureSkipVerify=true
      - --log=true
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=400-499
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=t2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
#      - --providers.file.

👍︎ 3
📰︎ r/Traefik
👤︎ u/imnobaka
📅︎ Jul 14 2020
I passed my SY0-501 !!! :D

Passed it with an 802 yesterday! and here is my perspective from study to test day. Hope this helps and is a bit better formatted than my previous post when I passed the N10-006 a few months back : https://www.reddit.com/r/CompTIA/comments/7lx7he/just_passed_the_n10006_here_are_my_thoughts/

Time In

  • 50 hours reading
  • 20 hours video
  • 20 hours practice tests
  • Span of 2 months

Resources Used

  • Exam Objectives
  • Gibson's SY0-501 Book (read twice)
  • Messer's 140 video SY0-501 playlist
  • Several CBT Nugget Videos on authentication/architecture
  • Transcender Tests just over 400 Q's (you instantly get access with CBT btw :) )
  • Pocket Prep app
  • Gibson's mobile app
  • This thread! super useful reading what people have to say!
  • I'm also enrolled in the Evolve Security Academy Bootcamp program right now and have to say that has also been very useful for a lot of these concepts for the hands-on pieces. Not trying to PR, just recommending!

Links I Found Useful

  • DH - https://www.youtube.com/watch?v=YEBfamv-_do
  • PPP/EAP/802.1X - https://bboxblog.wordpress.com/2012/05/01/ppp-eap-802-1xwhats-the-difference/
  • Access Control Models - http://www.techotopia.com/index.php/Mandatory,_Discretionary,_Role_and_Rule_Based_Access_Control
  • GBAC / RBAC - https://stackoverflow.com/questions/7770728/group-vs-role-any-real-difference
  • Web Vuln # 1 - http://blogs.getcertifiedgetahead.com/secure-coding-techniques/
  • Web Vuln # 2 - https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
  • RTO/RPO - http://www.techadvisory.org/2014/07/the-difference-between-rto-and-rpo/
  • GCM/CCM - https://www.emsec.rub.de/media/crypto/attachments/files/2011/03/chen.pdf
  • Risk Analysis, the 2 Q's - http://resources.infosecinstitute.com/quantitative-risk-analysis/#gref
  • OpenID / OAuth - https://stackoverflow.com/questions/1087031/whats-the-difference-between-openid-and-oauth

Test Prep

All of the resources mentioned above over 2 months. I think I made over 40 pages of notes and condensed them into 5 pages by the end then 1 page the day before the test. Seriously, writing things out really helps to conceptualize it. In some ways, stepping into this certificate from Network+ was really like learning a new language and then speaking it daily. The more I used CIA, AAA, ACL, NAC, etc terminology into the ways I was describing things to myself and out loud and to others, the more I was realizing it was making more sense.

The Test

This was hard. Like really hard. I u

👍︎ 13
📰︎ r/CompTIA
👤︎ u/fthlus
📅︎ Mar 18 2018
Top 10 Hacking Tools Used By Hackers!

Top 10 Best Hacking Tools Of 2017:-

1. Metasploit || Best Tools Of 2017

Rather than calling Metasploit a collection of exploit tools, I’ll call it an infrastructure that you can utilize to build your own custom tools. This free tool is one of the most popular cybersecurity tools around that allows you to locate vulnerabilities at different platforms. Metasploit is backed by more than 200,000 users and contributors that help you to get insights and uncover the weaknesses in your system. This top hacking tool package of 2017 lets you simulate real-world attacks to tell you about the weak points and finds them. As a penetration tester, it pinpoints the vulnerabilities with Nexpose closed-loop integration using Top Remediation reports. Using the open source Metasploit framework, users can build their own tools and take the best out of this multi-purpose hacking tool.

Supported platforms and download: Metasploit is available for all major platforms including Windows, Linux, and OS X.

2. Acunetix WVS || Best Hacking Tools Of 2017

Acunetix is a web vulnerability scanner (WVS) that scans and finds out the flaws in a website that could prove fatal. This multi-threaded tool crawls a website and finds out malicious Cross-site Scripting, SQL injection, and other vulnerabilities. This fast and easy to use tool scans WordPress websites for more than 1200 vulnerabilities in WordPress. Acunetix comes with a Login Sequence Recorder that allows one to access the password protected areas of websites. The new AcuSensor technology used in this tool allows you to reduce the false positive rate. Such features have made Acunetix WVS a preferred hacking tool that you need to check out in 2017.

Supported platforms and download: Acunetix is available for Windows XP and higher.

3. Nmap || Best Hacking Tools Of 2017

Nmap – also known as Network Mapper – falls in the category of a port scanner tool. This free and open source hacking tool is the most popular port scanning tool around that allows efficient network discovery and security auditing. Used for a wide range of services, Nmap uses raw IP packets to determine the hosts available on a network, their services along with details, operating systems used by hosts, the type of firewall used, and other information. Last year, Nmap won multiple security products of the year awards and was featured in multiple movies including The Matrix Reloaded, Die Hard 4, and others. Available in the c

👍︎ 81
📅︎ May 23 2017
What is Web Fuzzing: How can Web Fuzzing be useful in Pentest?

Fuzzing generally means finding bugs/issues through automated scanning, by supplying unexpected data to an application and then monitoring it for exceptions/errors/stack traces. The motive is to supply superfluous data to trigger exceptions and see if it could lead to issues.

Fuzzers work best for discovering vulnerabilities that can be exploited by buffer overflow, DOS (denial of service), cross-site scripting, and SQL injection. These schemes are often used by malicious hackers intent on wreaking the greatest possible amount of havoc in the least possible time. Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware, some viruses, worms, Trojans, and keyloggers.

Although fuzz testing is simple, it offers a high benefit-to-cost ratio and can often reveal serious defects that are overlooked when software is written and debugged. It cannot provide a complete picture of the overall security, quality, or effectiveness of a program, however, and is most effective when used in conjunction with extensive black box testing, beta testing, and other proven debugging methods.

Fuzzing has been around for several years and has been done in different ways. The term "fuzz" originated from a fall 1998 class project in the graduate Advanced Operating Systems class (CS736), taught by Prof. Barton Miller at the University of Wisconsin.

Fuzzing Web Applications:

Web application fuzzing is basically fuzzing web applications to expose common web vulnerabilities which are mentioned in OWASP Top 10.

Steps:

  • Decide the web app type/tech stack (php, aspx, jsp).
  • Check data injection points (input points).
  • Fuzzing payloads (fuzzing dictionaries, encoded payloads, superfluous data).
  • Observing the application.

👍︎ 2
📅︎ Oct 01 2021
OWASP Broken Web Applications Project

Applications Included

This project includes open source applications of various types. Below is a list of the applications and versions currently on the VM. A version number ending in +SVN or +GIT indicates that the application is pulled directly to the VM from the application's public source code repository and the code running may be later than the version number indicated.

The lists below are current as of the 1.0 release.


Training Applications

Applications designed for learning which guide the user to specific, intentional vulnerabilities.

  • OWASP WebGoat version 5.4+SVN (Java)

  • OWASP WebGoat.NET version 2012-07-05+GIT

  • OWASP ESAPI Java SwingSet Interactive version 1.0.1+SVN

  • Mutillidae version 2.2.3 (PHP)

  • Damn Vulnerable Web Application version 1.8+SVN (PHP)

  • Ghost (PHP)


Realistic, Intentionally Vulnerable Applications

Applications that have a wide variety of intentional security vulnerabilities, but are designed to look and work like a real application.

  • OWASP Vicnum version 1.5 (PHP/Perl)

  • Peruggia version 1.2 (PHP)

  • Google Gruyere version 2010-07-15 (Python)

  • Hackxor version 2011-04-06 (Java JSP)

  • WackoPicko version 2011-07-12+GIT (PHP)

  • BodgeIt version 1.3+SVN (Java JSP)


Old Versions of Real Applications

Open source applications with one or more known security issues.

  • WordPress 2.0.0 (PHP, released December 31, 2005) with plugins:
      • myGallery version 1.2
      • Spreadsheet for WordPress version 0.6

  • OrangeHRM version 2.4.2 (PHP, released May 7, 2009)

  • GetBoo version 1.04 (PHP, released April 7, 2008)

  • gtd-php version 0.7 (PHP, released September 30, 2006)

  • Yazd version 1.0 (Java, released February 20, 2002)

  • WebCalendar version 1.03 (PHP, released April 11, 2006)

  • Gallery2 version 2.1 (PHP, released March 23, 2006)

  • TikiWiki version 1.9.5 (PHP, released September 5, 2006)

  • Joomla version 1.5.15 (PHP, released November 4, 2009)

  • AWStats version 6.4 (build 1.814, Perl, released February 25, 2005)


Applications for Testing Tools

Applications designed for testing automated tools like web application security scanners.

  • OWASP ZAP-WAVE version 0.2+SVN (Java JSP)

  • WAVSEP version 1.2 (Java JSP)

  • WIVET version 3+SVN (PHP)


Demonstration Pages / Small Applications

Little applications or pages with intentional vulnerabilities to demonstrate specific concepts.

  • OWASP CSRFGuard Test Application ver

👍︎ 8
📰︎ r/OpenHacker
👤︎ u/ps-aux
📅︎ Mar 28 2021
How and where defend against XSS?

Hello,

I have an application which consists of a server part (Spring Boot) and a front-end part, where jQuery is used. I am a little bit lost when I read some articles about XSS, so let me please ask you a few questions.

  • 1.) Where should I implement protection? I think it should be done on the front-end side? Because the user can potentially write <> these symbols in the application, so I would escape all characters like <> to HTML entities. So basically, I would send requested data from the server and I would do escaping of all data before it is rendered. Is it correct to do it like this?
  • 2.) Or should I make any XSS protection even on the server side? And how? I would add the following things: CSP, X-XSS-Protection: 1; mode=block
  • 3.) What should be implemented on the front-end side? Escaping characters and then using some kind of whitelist (javascript: etc...). Is it correct? If not, what is correct way to do that?
  • 4.) Would you recommend any libraries which could do the job for me on the front-end side? Like escaping all characters and some kind of whitelist against XSS?
👍︎ 2
👤︎ u/Arthyonius
📅︎ Aug 27 2019
Server side attacks

I want to study server side attacks, how they are scripted, and how they are carried out. Any recommendations?

👍︎ 4
📰︎ r/hacking
👤︎ u/dedbot
📅︎ Dec 01 2017
An Open Letter To ConnectWise Partners from Jason Magee Regarding the Bishop Fox Report on ConnectWise Control

Earlier this week, a story was published about potential security vulnerabilities with ConnectWise Control. In the spirit of transparency, I wanted to provide an update on this story and outline what has been done and what our ongoing efforts are to ensure the security of our products, your business and your customers.

In late September, ConnectWise received notification from an organization that operates as a consultant in the security space, stating they had identified eight potential vulnerabilities in ConnectWise Control. While our product and security teams felt that many of these potential vulnerabilities presented a low risk of actual attack to our partners, we take security extremely seriously and investigated, resolving six of the areas of concern by Oct 2, 2019.

While the threat landscape is ever changing, we seek to constantly and proactively manage security efforts not only through the updating of our products, but through the education of our team and collaboration with third-party security experts.

As security is of critical importance to us, here are some of the things we have been doing and where we are today:

  • ConnectWise recently passed an independent SOC 2 Type 2 audit for the benefit of all current and prospective Partners. We regularly conduct penetration tests performed by both internal and external resources and have implemented ethical hacker training, OWASP processes, and consistently run vulnerability assessments on our systems and products.

  • We have implemented tools that automatically evaluate behavior to reduce misuse of our products, started implementing machine learning to detect anomalies in logins, and we are about to launch a bug bounty program, as well as started the rollout of MFA and SSO across the platform.

  • In Q4 of 2019, we also invested in a comprehensive developer security training curriculum to increase the security skills of our teams and assure that our developers are training on the most recent and relevant application security coding practices.

  • On January 21, 2020 we launched the ConnectWise Security Trust site, which will be a primary source of information on security incidents, relevant alerts and of course critical patches and product updates.

  • We hired GuidePoint, an independent third-party cybersecurity solutions company, to further validate our patches and confirm that the vulnerabilities were mitigated. We have [publi

👍︎ 17
👤︎ u/chawleycw
📅︎ Jan 24 2020
Response from ConnectWise CEO

From recent email:

Dear Partners,

Earlier this week, a story was published about potential security vulnerabilities with ConnectWise Control. In the spirit of transparency, I wanted to provide an update on this story and outline what has been done and what our ongoing efforts are to ensure the security of our products, your business and your customers.

In late September, ConnectWise received notification from an organization that operates as a consultant in the security space, stating they had identified eight potential vulnerabilities in ConnectWise Control. While our product and security teams felt that many of these potential vulnerabilities presented a low risk of actual attack to our partners, we take security extremely seriously and investigated, resolving six of the areas of concern by October 2, 2019.

While the threat landscape is ever changing, we seek to constantly and proactively manage security efforts not only through the updating of our products, but through the education of our team and collaboration with third-party security experts.

As security is of critical importance to us, here are some of the things we have been doing and where we are today:

  • ConnectWise recently passed an independent SOC 2 Type 2 audit for the benefit of all current and prospective Partners. We regularly conduct penetration tests performed by both internal and external resources and have implemented ethical hacker training, OWASP processes, and consistently run vulnerability assessments on our systems and products.
  • We have implemented tools that automatically evaluate behavior to reduce misuse of our products, started implementing machine learning to detect anomalies in logins, and we are about to launch a bug bounty program, as well as started the rollout of MFA and SSO across the platform.
  • In Q4 of 2019, we also invested in a comprehensive developer security training curriculum to increase the security skills of our teams and assure that our developers are training on the most recent and relevant application security coding practices.
  • On January 21, 2020 we launched the ConnectWise Security Trust site, which will be a primary source of information on security incidents, relevant alerts and of course critical patches and product updates.
  • We hired GuidePoint, an independent third-par

👍︎ 52
📰︎ r/sysadmin
👤︎ u/Raptorhigh
📅︎ Jan 25 2020
A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals

Penetration testing & Hacking Tools are more often used by security industries to test the vulnerabilities in network and applications. Here you can find the Comprehensive Penetration testing & Hacking Tools list that covers Performing Penetration testing Operation in all the Environment. Penetration testing and ethical hacking tools are a very essential part of every organization to test the vulnerabilities and patch the vulnerable system.

>Also, Read What is Penetration Testing? How to do Penetration Testing?

Penetration Testing & Hacking Tools List

Online Resources – Hacking Tools

Penetration Testing Resources

Exploit Development

  • [Shel

👍︎ 307
👤︎ u/icssindia
📅︎ Jan 27 2020
A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals

Penetration testing & Hacking Tools are more often used by security industries to test the vulnerabilities in network and applications. Here you can find the Comprehensive Penetration testing & Hacking Tools list that covers Performing Penetration testing Operation in all the Environment. Penetration testing and ethical hacking tools are a very essential part of every organization to test the vulnerabilities and patch the vulnerable system.

>Also, Read What is Penetration Testing? How to do Penetration Testing?

Penetration Testing & Hacking Tools List

Online Resources – Hacking Tools

Penetration Testing Resources

Exploit Deve

👍︎ 52
👤︎ u/icssindia
📅︎ Jan 20 2020